MyBulletinBoard Multiple SQL Injection Vulnerabilities

MyBulletinBoard Multiple SQL Injection Vulnerabilities

No exploit is required.

The following examples have been provided:

misc.php :-

http://www.example.com/misc.php?action=rules&fid=-1' [SQL]

newreply.php :-

One may inject SQL data by submitting a HTTP POST with a modification
of the http header as follows:

Content-Disposition: form-data; name="icon"\r\n
\r\n
-1') [SQL] /*\r\n